
Advances in Digital Forensics XII
Description
Digital forensics deals with the acquisition, preservation, examination, analysis and presentation of electronic evidence. Networked computing, wireless communications and portable electronic devices have expanded the role of digital forensics beyond traditional computer crime investigations. Practically every crime now involves some aspect of digital evidence; digital forensics provides the techniques and tools to articulate this evidence. Digital forensics also has myriad intelligence applications. Furthermore, it has a vital role in information assurance -- investigations of security breaches yield valuable information that can be used to design more secure systems.
Advances in Digital Forensics XII describes original research results and innovative applications in the discipline of digital forensics. In addition, it highlights some of the major technical and legal issues related to digital evidence and electronic crime investigations. The areas of coverage include: Themes and Issues, Mobile Device Forensics, Network Forensics, Cloud Forensics, Social Media Forensics, Image Forensics, Forensic Techniques, and Forensic Tools.
This book is the twelfth volume in the annual series produced by the International Federation for Information Processing (IFIP) Working Group 11.9 on Digital Forensics, an international community of scientists, engineers and practitioners dedicated to advancing the state of the art of research and practice in digital forensics. The book contains a selection of twenty edited papers from the Twelfth Annual IFIP WG 11.9 International Conference on Digital Forensics, held in New Delhi, India in the winter of 2016.
Advances in Digital Forensics XII is an important resource for researchers, faculty members and graduate students, as well as for practitioners and individuals engaged in research and development efforts for the law enforcement and intelligence communities.
Gilbert Peterson, Chair, IFIP WG 11.9 on Digital Forensics, is a Professor of Computer Engineering at the Air Force Institute of Technology, Wright-Patterson Air Force Base, Ohio, USA.
Sujeet Shenoi is the F.P. Walter Professor of Computer Science and a Professor of Chemical Engineering at the University of Tulsa, Tulsa, Oklahoma, USA.
Content
- Intro
- Contents
- Contributing Authors
- Preface
- I THEMES AND ISSUES
- 1 ON A SCIENTIFIC THEORY OF DIGITAL FORENSICS
- 1. Introduction
- 2. Rationale for Scientific Evidence in Society
- 3. Domain of Digital Forensic Science
- 3.1 Foundational Concepts
- 4. Achieving Scientific Status
- 4.1 Observation
- 4.2 Automata Theory
- 4.3 Bits, Bytes or Files?
- 4.4 Investigations, Examinations and Analyses
- 5. Discussion
- 6. Conclusions
- Acknowledgement
- References
- 2 DATA PRIVACY PERCEPTIONS ABOUT DIGITAL FORENSIC INVESTIGATIONS IN INDIA
- 1. Introduction
- 2. Research Methodology
- 3. Survey Participant Demographics
- 4. Investigator Perceptions of Privacy
- 4.1 Following Forensic Procedures
- 4.2 Completing the Evidence Gathering Phase
- 4.3 Accessing Private Files
- 5. Cyber Lawyer Perceptions of Privacy
- 5.1 Completing a Case
- 5.2 Using Evidence in Other Cases
- 5.3 Protecting Data Privacy
- 5.4 Misusing Personal Information
- 6. General Public Perceptions of Privacy
- 6.1 Attitudes Towards Privacy
- 6.2 Awareness of Investigations
- 7. Proposed Data Privacy Solution
- 7.1 Privacy and Investigations
- 7.2 Privacy Solution
- 8. Conclusions
- References
- 3 A FRAMEWORK FOR ASSESSING THE CORE CAPABILITIES OF A DIGITAL FORENSIC ORGANIZATION
- 1. Introduction
- 2. Research Methodology
- 3. Related Work
- 3.1 Digital Forensic Readiness
- 3.2 Capability Maturity Model
- 3.3 Digital Forensics Management Framework
- 3.4 Digital Forensic Laboratory Development
- 4. DFOCC Framework
- 4.1 Equation Representation
- 4.2 Role of Policy
- 5. DFOCC Application
- 5.1 Roadmap for Organization Development
- 5.2 Evidence Admissibility
- 5.3 Areas of Success
- 5.4 Attainable Universal Benchmark
- 5.5 DFOCC Advantages
- 6. Conclusions
- References
- II MOBILE DEVICE FORENSICS
- 4 OPTIMIZING SHORT MESSAGE TEXT SENTIMENT ANALYSIS FOR MOBILE DEVICE FORENSICS
- 1. Introduction
- 2. Related Work
- 3. Datasets and Classification
- 3.1 Datasets
- 3.2 Pre-Processing
- 3.3 Classifier Features
- 4. Evaluation and Discussion
- 5. Sentiment Visualization Tool
- 6. Conclusions
- References
- 5 IMPACT OF USER DATA PRIVACY MANAGEMENT CONTROLS ON MOBILE DEVICE INVESTIGATIONS
- 1. Introduction
- 2. Data Privacy Concerns
- 3. Mechanisms for Enhancing Data Privacy
- 3.1 App-Based Model
- 3.2 Android Open Source Project Variations
- 3.3 Secure Container (BYOD) Model
- 3.4 Towards a New Era of Mobile Computing
- 4. Other Open Source Operating Systems
- 5. Android Version 6
- 6. Related Work
- 7. Conclusions
- References
- 6 ANALYZING MOBILE DEVICE ADS TO IDENTIFY USERS
- 1. Introduction
- 2. Background
- 2.1 Information Revealed by Ads
- 2.2 Mobile Advertisement Architecture
- 3. Related Work
- 4. Methodology
- 5. Mobile Devices
- 5.1 iOS Ad Architecture
- 5.2 Android Ad Architecture
- 6. Results and Discussion
- 6.1 Ad Category
- 6.2 Ad Interest
- 6.3 User Information
- 6.4 Observations and Inferences
- 7. Conclusions
- References
- 7 A FORENSIC METHODOLOGY FOR ANALYZING NINTENDO 3DS DEVICES
- 1. Introduction
- 2. Related Work
- 2.1 Devices with Hard Drives
- 2.2 Devices without Hard Drives
- 3. Forensic Value
- 4. Forensic Analysis Methodology
- 5. Conclusions
- References
- III NETWORK FORENSICS
- 8 RECONSTRUCTING INTERACTIONS WITH RICH INTERNET APPLICATIONS FROM HTTP TRACES
- 1. Introduction
- 2. Session Reconstruction Methodology
- 2.1 Inputs, Outputs and Assumptions
- 2.2 Architecture and Approach
- 3. Experimental Results
- 4. Related Work
- 5. Conclusions
- Acknowledgement
- References
- 9 RECONSTRUCTING TABBED BROWSER SESSIONS USING METADATA ASSOCIATIONS
- 1. Introduction
- 2. Related Work
- 3. Multi-Threaded Browser Application Design
- 4. Mapping Browser Actions
- 4.1 Browser Sessions and Logging
- 4.2 Tracking a Browser Session
- 5. Eliciting Session-Based Relationships
- 5.1 Modeling Browser Sessions
- 5.2 Developing a Browser Session State Space
- 5.3 Coherent Event Relationship
- 5.4 Concurrent Event Relationship
- 6. Identifying Browser Artifact Relationships
- 7. Results and Discussion
- 7.1 Results
- 7.2 Discussion
- 8. Conclusions
- References
- 10 A PROBABILISTIC NETWORK FORENSIC MODEL FOR EVIDENCE ANALYSIS
- 1. Introduction
- 2. Background and Related Work
- 3. Logical Evidence Graphs
- 4. Computing Probabilities
- 4.1 Computing
- 4.2 Computing the False Positive Rate
- 5. Case Study
- 5.1 Experimental Network
- 5.2 Constructing the Graph
- 5.3 Computations
- 6. Conclusions
- References
- IV CLOUD FORENSICS
- 11 API-BASED FORENSIC ACQUISITION OF CLOUD DRIVES
- 1. Introduction
- 2. Related Work
- 2.1 Cloud Computing
- 2.2 Cloud Drive Forensics
- 2.3 Forensic Uses of Cloud Service APIs
- 2.4 Summary
- 3. Rationale for API-Based Acquisition
- 3.1 Limitations of Client-Side Acquisition
- 3.2 Benefits of API-Based Acquisition
- 4. Tool Design and Implementation
- 4.1 Architecture
- 4.2 Command-Line Interface
- 4.3 Web-Based GUI
- 4.4 Validation
- 5. Discussion
- 6. Conclusions
- References
- 12 THE CLOUD STORAGE ECOSYSTEM - A NEW BUSINESS MODEL FOR INTERNET PIRACY?
- 1. Introduction
- 2. Cloud Storage Ecosystem
- 3. Related Work
- 4. Cloud Storage Ecosystem Revenue Model
- 4.1 Dataset
- 4.2 Leader/Central Contributor Revenue Model
- 4.3 Contributor Revenue Models
- 5. Results and Analysis
- 5.1 Leader/Central Contributor Revenue
- 5.2 Contributor Revenue
- 6. Discussion
- 7. Conclusions
- References
- V SOCIAL MEDIA FORENSICS
- 13 WINDOWS 8.x FACEBOOK AND TWITTER METRO APP ARTIFACTS
- 1. Introduction
- 2. Related Work
- 2.1 Windows 8.x Artifacts
- 2.2 Social Media Artifacts
- 3. Proposed Methodology
- 3.1 Phase 1
- 3.2 Phase 2
- 3.3 Phase 3
- 4. Results
- 4.1 App Data Storage and User Data Storage
- 4.2 Artifacts and Their Locations
- 5. Analysis of Results
- 5.1 Analysis of Facebook Metro App Artifacts
- 5.2 Analysis of Database Files
- 5.3 Analysis of Twitter Metro App Artifacts
- 6. Discussion
- 7. Conclusions
- References
- 14 PROFILING FLASH MOB ORGANIZERS IN WEB DISCUSSION FORUMS
- 1. Introduction
- 2. Related Work
- 3. Profiling Flash Mob Organizers
- 3.1 Discussion Forum Dataset
- 3.2 Key Behavioral Attributes
- 3.3 Social Influence
- 3.4 Profiling Flash Mob Organizers
- 4. Description of Experiments
- 4.1 Classification of Topic Authors
- 4.2 Cluster Comparison
- 5. Discussion
- 6. Conclusions
- References
- VI IMAGE FORENSICS
- 15 ENHANCING IMAGE FORGERY DETECTION USING 2-D CROSS PRODUCTS
- 1. Introduction
- 2. Related Work
- 3. Proposed Method
- 4. Experimental Results
- 5. Discussion
- 6. Conclusions
- References
- 16 FORENSIC AUTHENTICATION OF BANK CHECKS
- 1. Introduction
- 2. Security Features in Bank Checks
- 2.1 Features Embedded During Manufacture
- 2.2 Features Incorporated During Printing
- 3. Bank Check Authentication Methodology
- 3.1 Bank Check Image Dataset
- 3.2 Color and Texture Feature Extraction
- 3.3 Authentication
- 4. Results and Discussion
- 5. Conclusions
- References
- VII FORENSIC TECHNIQUES
- 17 DATA TYPE CLASSIFICATION: HIERARCHICAL CLASS-TO-TYPE MODELING
- 1. Introduction
- 2. Methodology
- 3. Experimentation
- 3.1 Hypothesized Model Testing
- 3.2 Exploratory Cluster Analysis
- 3.3 Identifying the Winning Model
- 4. Winning Model Discussion
- 5. Limitations and Future Research
- 6. Conclusions
- Acknowledgement
- References
- 18 SECURE FILE DELETION FOR SOLID STATE DRIVES
- 1. Introduction
- 2. Background
- 3. Related Work
- 3.1 Layers and Interfaces
- 3.2 Choice of Layer for Secure Deletion
- 3.3 Controller Level Approaches
- 3.4 Filesystem Level Approaches
- 3.5 Application Level Approaches
- 3.6 Cross Layer Approaches
- 4. Proposed Secure Deletion Approach
- 5. Experimental Results
- 5.1 Experimental Setup
- 5.2 Garbage Collection Overhead
- 5.3 Impact of Extra Blocks
- 6. Countering Secure Deletion
- 6.1 Countering Single File Sanitization
- 6.2 Countering Entire Drive Sanitization
- 7. Conclusions
- References
- VIII FORENSIC TOOLS
- 19 A TOOL FOR VOLATILE MEMORY ACQUISITION FROM ANDROID DEVICES
- 1. Introduction
- 2. Related Work
- 2.1 Hardware Methods
- 2.2 Software Methods
- 2.3 Commercial Memory Forensics Tools
- 3. AMExtractor Design
- 4. Implementation
- 4.1 Gathering Information
- 4.2 Using /dev/kmem to Deploy the Trigger
- 4.3 Running Code at the Kernel Privilege Level
- 4.4 Mapping and Reading Kernel Memory
- 4.5 Transmitting Memory Content
- 5. Experimental Evaluation
- 5.1 Applicability Evaluation
- 5.2 Integrity Evaluation
- 6. In-Depth Analysis of Extracted Memory
- 7. Conclusions
- Acknowledgement
- References
- 20 ADVANCED AUTOMATED DISK INVESTIGATION TOOLKIT
- 1. Introduction
- 2. Related Work
- 3. AUDIT
- 3.1 Database
- 3.2 Knowledge Base
- 3.3 Core Engine
- 3.4 Expert System
- 4. Reporting in AUDIT
- 5. Testing AUDIT
- 5.1 Experimental Setup
- 5.2 Testing Regimen 1
- 5.3 Testing Regimen 2
- 6. Conclusions
- Acknowledgement
- References
System requirements
File format: PDF
Copy protection: Watermark-DRM (Digital Rights Management)
System requirements:
- Computer (Windows; MacOS X; Linux): Use the free software Adobe Reader, Adobe Digital Editions, or any other PDF viewer of your choice (see eBook Help).
- Tablet/Smartphone (Android; iOS): Install the free app Adobe Digital Editions or another reading app for eBooks, e.g., PocketBook (see eBook Help).
- E-reader: Bookeen, Kobo, Pocketbook, Sony, Tolino and many more (Kindle: limited support only).
The file format PDF always displays a book page identically on any hardware. This makes PDF suitable for complex layouts such as those used in textbooks and reference books (images, tables, columns, footnotes). Unfortunately, on the small screens of e-readers or smartphones, PDFs are rather annoying, requiring too much scrolling.
This eBook uses Watermark-DRM, a "soft" copy protection. This means that there are no technical restrictions to prevent illegal distribution. However, there is a personalised watermark embedded in the eBook that can be used to identify the purchaser of the eBook in the event of misuse and to provide evidence for legal purposes.
For more information, see our eBook Help page.